You can't secure what you don't acknowledge.℠

Friday, May 11, 2012

Web application security assessment war stories

I spend a lot of time performing Web security assessments, and every project is a neat learning experience for me. I'm always eager to share my Web security war stories, what to do and what NOT to do, so here are some new pieces you may be interested in. From exploiting Web vulnerabilities to IT geek speak and a bunch of stuff in between, I hope there's something here for you:

The Value of Web Exploitation

Web Application Firewalls and the False Sense of Security They can Create

Not All Web Vulnerabilities Are What They Appear to Be

The One Web Security Testing Oversight You Don’t Want to Miss

IT Geek Speak and What Management Really Needs to Hear


As always, check out for links to all of my information security whitepapers, podcasts, webcasts, books and more.

Thursday, May 10, 2012

New video: The things my most secure clients have in common

Quote on reasoning with the unreasonable and why character is critical

Be it executives with their heads in the sand over security or know-it-all propeller heads who can't see the big picture of business risk, I've found that you just can't reason with the unreasonable. Here's something that Robert Schuller said that underscores the issue and helps us understand why being the bigger person is most important:

"People are unreasonable, illogical and self-centered. Love them anyway. If you do good, people will accuse you of selfish ulterior motives. Do good anyway. If you are successful, you will win false friends and true enemies. Succeed anyway. Honesty and frankness make you vulnerable. Be honest and frank anyway."

Speaking of principles and character, I read a recent article by Larry Reed in the Atlanta Business Chronicle titled Character: Nothing is more important. This one piece sums up what I believe it truly takes to be successful in IT and information security. I especially like the part where Mr. Reed says "Integrity is more important than all the degrees you’ve earned, all the management courses you could possibly take, and all the knowledge that you could absorb on any subject." I couldn't agree more.

Focus on these things and you'll see that there's a vast conspiracy out there to make you successful.